<#include "/includes/vars.inc">
<@pp.dropOutputFile />
<#assign fileName = "${resourcesDir}/META-INF/applicationContext-security-http.xml">
<#if includeLoginSpring && !pp.outputFileExists(fileName)>
	<@pp.changeOutputFile name="${fileName}" />
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
            xmlns:sec="http://www.springframework.org/schema/security" 
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
            xsi:schemaLocation="http://www.springframework.org/schema/beans 
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security 
            http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <!-- Configure Spring Security -->
    <sec:http auto-config="true"  access-denied-page="/accessDenied.jsf">
        <sec:form-login login-page="/login.jsf" />
        <sec:intercept-url pattern="/resources/**" filters="none" />
        <sec:intercept-url pattern="/app/**" access="ROLE_ADMIN" />
        <sec:intercept-url pattern="/jeecode/**" access="ROLE_ADMIN" />
        <sec:anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS"/>
        <sec:session-management invalid-session-url="/sessionExpired.jsf" /> 
    </sec:http>

    <!-- business logic (method) security -->
    <sec:global-method-security
		secured-annotations="enabled" jsr250-annotations="enabled" >		
    </sec:global-method-security>
	
    <!-- manager responsible for loading user account with assigned roles -->
    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider user-service-ref="userDetailsService" />
    </sec:authentication-manager>

</beans>
</#if>